[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: olcTLSCipherSuite?

To: Eric Irrgang <erici@motown.cc.utexas.edu>
Subject: Re: olcTLSCipherSuite?
From: Howard Chu <hyc@symas.com>
Date: Tue, 23 Jan 2007 14:23:48 -0800
Cc: openldap-software@openldap.org
In-reply-to: <Pine.GSO.4.63.0701231328580.22221@grapevine.cc.utexas.edu>
References: <Pine.GSO.4.63.0701231328580.22221@grapevine.cc.utexas.edu>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a2pre) Gecko/20070122 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

Eric Irrgang wrote:

Does the TLSCipherSuite directive translate to anything in cn=config?
I'm not seeing anything when I convert my slapd.conf file and the server doesn't seem to be interpreting the directive "TLSCipherSuite HIGH:MEDIUM" the way I would expect. That is, to only allow high and medium strength connections while trying to negotiate high-strength first.

Sounds like a bug. olcTLSCipherSuite is in the schema, but you're right, I don't see it turning up. You should file an ITS for this.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

References:
- olcTLSCipherSuite?
  - From: Eric Irrgang <erici@motown.cc.utexas.edu>

Prev by Date: Re: Error using TLS
Next by Date: Re: getting DN from client with GSSAPI bind?
Index(es):
- Chronological
- Thread